Privacy Policy

Last updated: February 25, 2026

1. Identity and Contact Information

LaFacture is operated by LaFacture (The North Home). For questions about privacy, contact our Privacy Officer: Dominic Lapointe, Founder — dom.dlapointe@gmail.com.

2. Personal Information Collected

We collect the following categories of personal information:

  • Account data: full name, email address, password (encrypted), language preference, timezone.
  • Client data: name, contact name, email, phone, address, tax information, notes.
  • Invoice and financial data: amounts, payment details, Stripe transaction IDs.
  • Activity logs: IP addresses, user agent strings, timestamps, actions performed.
  • Organization data: legal name, email, phone, address, logo.
  • Contact form data: first name, last name, email, company, message.

3. Purposes of Collection

  • Account management and authentication
  • Invoicing and financial management
  • Payment processing via Stripe
  • Email communications
  • Activity logging for security
  • Service improvement
  • Third-party integrations (Slack, QuickBooks)

4. Third Parties

We share personal information with the following service providers:

  • Stripe - Payment processing
  • Google/Microsoft - OAuth authentication (only if you choose OAuth login)
  • Resend - Email delivery
  • Honeycomb - Application monitoring
  • Slack - Notifications (optional)
  • QuickBooks - Accounting sync (optional)

5. Retention Periods

Active account data is retained for the duration of your account. Financial records are retained for 7 years as required by Quebec tax law. Activity logs are anonymized after 24 months. Data is permanently deleted 30 days after account deletion.

6. Your Rights

Under Law 25 and PIPEDA, you have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data (JSON or CSV)
  • Withdraw consent at any time

To exercise these rights, visit Account > Data in the application or contact our Privacy Officer.

7. Cookies and Local Storage

We use essential cookies and local storage for authentication (JWT tokens). No third-party tracking cookies are used.

8. Security Measures

We protect your data with HTTPS, password hashing, CSRF protection, Content Security Policy headers, JWT token expiration, and encrypted OAuth tokens.

9. Policy Updates

We will notify you of material changes to this policy via email or in-app notification.